Cross-Organization Account Disruption in Capgo's SSO Prelink Endpoint
CVE-2026-56313
7.2HIGH
What is CVE-2026-56313?
Capgo versions prior to 12.128.2 contain a vulnerability in the SSO prelink endpoint, which may allow enterprise administrators to disrupt user accounts across different organizations. This vulnerability can be exploited by attackers possessing org.update_settings permission along with an active SSO service provider. By calling the prelink-users endpoint, these attackers can delete email-based authentication for users whose email domains correspond to their provider, compelling victims to use the attacker's SSO provider or necessitating a password reset, thus creating potential access and authentication issues.
Affected Version(s)
Capgo 0 < 12.128.2
Capgo 12.128.2
